CLAIMS 

What is claimed is: 



1 1 . A method for authenticating messages communicated between partners that belong to 

2 a plurality of partners, the method comprising the steps of: 

3 maintaining at a trusted intermediary a signature decryption key for each partner of 

4 said plurality of partners that is authorized to use said trusted intermediary to 

5 send messages; 

6 receiving at said trusted intermediary messages originated by partners of said plurality 

7 of partners that are intended for other partners of said plurality of partners; 

8 for each message thus received, the trusted intermediary performing the steps of 

9 using the signature decryption key associated with the partner that sent the 

1 0 message to determine whether the message was actually sent by that 

1 1 partner; and 

1 2 if the message was actually sent by that partner, then sending the message to 

13 the partner for which the message is intended along with a digital 

14 signature of said trusted intermediary to indicate that the trusted 

1 5 intermediary has verified that the message was actually sent by the 

1 6 partner that sent the message. 

1 2. The method of Claim 1 wherein the signature decryption key for each partner of said 

2 plurality of partners is a pubhc signature decryption key associated with a private 

3 signature creation key. 



53964-016 



-25- 



1 3. The method of Claim 1 wherein the signature decryption key for each partner of said 

2 plurality of partner is used to decrypt a digital signature associated with a message 

3 that is sent along with the digital signature. 

1 4. The method of Claim 1 wherein the digital signature of the trusted intermediary is 

2 associated with a message that is sent along the digital signature of the trusted 

3 intermediary. 

1 5. The method of Claim 1 wherein the digital signature of the trusted intermediary is 

2 encrypted by a private signature creation key associated with a public signature 

3 decryption key. 

16. A computer-readable medium storing computer code for causing a computer to 

2 perform a method for authenticating messages communicated between partners that 

3 belong to a plurality of partners, by the steps of: 

4 maintaining at a trusted intermediary a signature decryption key for each 

5 partner of said plurality of partners ; 

6 receiving at said trusted intermediary messages originated by partners of said 

7 plurality of partners that are intended for other partners of said 

8 plurality of partners; 

9 for each message thus received, the trusted intermediary performing the steps 
10 of 
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1 1 using the signature decryption key associated with the partner that sent 

1 2 the message to determine whether the message was actually 

1 3 sent by that partner; and 

14 if the message was actually sent by that partner, then sending the 

1 5 message to the partner for which the message is intended along 

1 6 with a digital signature of said trusted intermediary to indicate 

1 7 that the trusted intermediary has verified that the message was 

1 8 sent actually sent by the partner that sent the message. 

1 7. The computer-readable medium of Claim 6 wherein the signature decryption key for 

2 each partner is a public signature decryption key associated with a private signature 

3 creation key. 

1 8. The computer-readable medium of Claim 6 wherein the signature decryption key for 

2 each partner is used to decrypt a digital signature associated with a message is that 

3 sent along with the digital signature. 

1 9. The computer-readable medium of Claim 6 wherein the digital signature of the trusted 

2 intermediary is associated with a message that is sent along with the digital signature. 

1 1 0. The computer-readable medium of Claim 6 wherein the digital signature of the trusted 

2 intermediary is encrypted by a private signature creation key associated with a public 

3 signature decryption key. 



53964-016 



-27- 



1 11. A computer for use in communications between partners that belong to a plurality of 

2 partners, comprising: 

3 storage means configured to store a signature decryption key for each partner 

4 of said plurality of partners that is authorized to use said computer to 

5 send messages; 

6 receiving means configured to receive messages that are originated by 

7 partners of said plurality of partners and that are intended for other 

8 partners of said pluraUty of partners; 

9 signature decryption means; and 

10 sending means; wherein 

1 1 for each message thus received, 

12 said signature decryption means is configured to use the signature 

1 3 decryption key associated with the partner that sent the 

14 message to determine whether the message was actually sent 

15 by that partner; and 

16 if the message was actually sent by that partner, said sending means is 

1 7 configured to send the message along with a digital signature 

18 of said trusted intermediary to the partner for which the 

19 message is intended; wherein said digital signature of said 

20 trusted intermediary is used to indicate that said trusted 

2 1 intermediary has verified that the message was actually sent by 

22 the partner that sent the message. 
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1 12. The computer of claim 1 1 further comprising signature encryption means by which 

2 said digital signature of said trusted intermediary was created. 

1 13. A computer network for use in communications between partners that belong to a 

2 plurality of partners, comprising: 

3 a plurality of computers each of which is configured to store a respective 

4 signature creation key of a partner of said plurality of partners that is 

5 authorized to use a trusted intermediary computer to send messages; 

6 wherein said trusted intermediary computer is configured 

7 to store a pluraUty of signature decryption keys each of which 

8 corresponds to the respective signature creation key that is 

9 stored in each of said plurality of computers; 

1 0 wherein, upon receiving messages that are originated by partners of said 

1 1 pluraUty of partners and that are intended for other partners of said 

1 2 plurality of partners, said trusted intermediary computer, for each 

13 message thus received, is configured 

14 to use the signature decryption key associated with the partner 

1 5 that sent the message to determine whether the message 

1 6 was actually sent by that partner; and 

17 if the message was actually sent by that partner, then sending 

1 8 the message to the partner for which the message is 

1 9 intended along with a digital signature of said trusted 

20 intermediary to indicate that the trusted intermediary 
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21 has verified that the message was actually sent by that 

22 partner that sent the message. 

1 14. A method for a trusted intermediary to manage keys used in communications between 

2 partners that belong to a plurality of partners, the method comprising the steps of: 

3 a trusted intermediary maintaining a message encryption key for each partner 

4 of said plurality of partners that is authorized to use said trusted 

5 intermediary to receive messages; wherein 

6 upon receiving messages that are originated by partners of said plurality of 

7 partners and that are intended for other partners of said plurality of 

8 partners, said trusted intermediary, for each message thus received, 

9 performing the steps of 

1 0 encrypting the message using the message encryption key 

1 1 associated with the partner for which the message is 

12 intended; and 

1 3 sending the encrypted message to the partner for which the 

1 4 message is intended. 

1 15. The method of Claim 1 4 wherein the message encryption key for each partner of said 

2 plurality of partners is a public message encryption key associated with a private 

3 message decryption key. 

1 16. The method of Claim 1 4 wherein each of the messages that are originated by partners 

2 of said plurality of partners and that are intended for other partners of said plurality of 
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3 partners was encrypted using a message encryption key associated with the trusted 

4 intermediary. 

1 17. The method of Claim 1 6 wherein said message encryption key associated with said 

2 trusted intermediary is a public message encryption key that is associated with a 

3 private message decryption key. 

1 18. A computer-readable medium storing computer code for causing a computer to 

2 perform a method for a trusted intermediary to manage keys used in communications 

3 between partners that belong to a plurality of partners, by the steps of: 

4 said trusted intermediary maintaining a message encryption key for each 

5 partner of said plurality of partners that is authorized to use said 

6 trusted intermediary to receive messages; wherein 

7 upon receiving messages originated by partners of said plurality of partners 

8 that are intended for other partners of said plurality of partners, said 

9 trusted intermediary, for each message thus received, performing the 

10 steps of 

1 1 encrypting the message using the message encryption key 

1 2 associated with the partner for which the message is 

13 intended; and 

1 4 sending the encrypted message to the partner for which the 

1 5 message is intended. 
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1 1 9. The computer-readable medium of Claim 1 8 wherein the message encryption key for 

2 each partner of said plurality of partners is a public message encryption key 

3 associated with a private message decryption key. 

1 20. The computer-readable medium of Claim 1 8 wherein the computer further performs 

2 the step of: 

3 each partner of said pluraUty of partners that sends messages: to said trusted 

4 intermediary maintains a message encryption key associated with a 

5 message decryption key of said trusted intermediary, 

1 21 . The computer-readable medium of Claim 20 wherein said message encryption key 

2 associated with said message decryption key of said trusted intermediary is a public 

3 message encryption key and said message decryption key of said trusted intermediary 

4 is a private message decryption key. 

1 22. A computer for use in communications between partners that belong to a plurality of 

2 partners, comprising: 

3 storage means configured to store a message encryption key for each partner 

4 of said plurality of partners that is authorized to use said computer to 

5 receive messages; 

6 message encryption means; 

7 sending means; and 
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8 receiving means configured to receive messages that are originated by 

9 partners of said plurality of partners and that are intended for other 

1 0 partners of said plurality of partners; wherein 

1 1 for each message thus received, 

1 2 said message encryption means encrypts the message using the 

1 3 message encryption key associated with the partner for which 

1 4 the message is intended; and 

1 5 said sending means sends the encrypted message to the partner for 

1 6 which the message is intended. 

1 23 . The computer system of claim 22 further comprising message decryption means that, 

2 for each message thus received, produces that message firom an encrypted message. 

1 24, A computer network for use in conmiunications between partners that belong to a 

2 plurality of partners, comprising: 

3 a plurality of computers each of which is configured to store a respective 

4 message decryption key of a partner of said plurality of partners that is 

5 authorized to use a trusted intermediary computer to receive messages; 

6 wherein said trusted intermediary computer is configured 

7 to store a plxjrality of message encryption keys each of which 

8 corresponds to the respective message decryption key that is 

9 stored in each of said plurality of computers; 

1 0 wherein, upon receiving messages that are originated by partners of said 

1 1 plurality of partners and that are intended for others partners of said 
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1 2 plurality of partners, said trusted intermediary computer, for each 

1 3 message thus received, is configured 

1 4 to encrypt the message using the message encryption key 

1 5 associated with the partner for which the message is 

16 intended, and 

1 7 to send the encrypted message to the partner for which the 
1 g message is intended. 
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